Zoom Users Locked Out: Zoom Grapples With Security Flaws That Sour Users on App

  • Post category: Other



By Alyza Sebenius and Kartikay Mehrotra


During the coronavirus pandemic, it seems as if everyone is connecting with Zoom’s videoconferencing app — including, on occasion, unwanted visitors.

Online trolls have been sneaking into web meetings and disrupting them with profanities and pornography for at least the better part of the last month. Cybersecurity researchers fear these disruptions could be a precursor to more harmful attacks allowing hackers to commandeer connected machines to access secure files or other corporate software.

“Much of our current reality is unchartered territory, and this growing dependence on Zoom at home is just another one,” said Mark Ostrowski, regional head of engineering for Check Point Software Technologies Ltd. “As soon as a platform’s attack surface gets big enough, you can only expect that they’ll become more interesting to attackers. That’s what’s happened to Zoom.”

In a Wednesday blog post, Zoom said that it takes security concerns “extremely seriously” and is working to address them. In addition, a Zoom representative said in an email that the company is upset about reports of harassment on Zoom and has sought to educate users about protecting meetings.

Zoom also apologized, in another blog, for “the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.” While the company strives to use encryption in as many scenarios as possible, “we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”

But there’s good news. Users don’t have to follow Elon Musk, whose SpaceX has banned the use of Zoom Video Communications Inc. amid privacy concerns.

There are a few simple steps to host secure video meetings, according to security experts. For instance, ensure your meeting is password protected, and don’t share meeting IDs and passwords on social media, where criminal hackers may grab the credentials.

Experts also recommend that meeting or classroom organizers take attendance and kick out unwanted visitors. Here are a few more tips:

  • Use the waiting-room feature to screen meeting participants before allowing them to interact in the meeting room. This can be accessed by clicking on the settings tab and then the In Meeting (Advanced) option.

  • Use conference IDs instead of links when inviting others to join. Links can be malicious and used to hack unsuspecting users.

  • Don’t repeat meeting IDs to keep unwanted participants out of meetings.

  • Apply scrutiny to links and documents, which can contain malicious code.

  • When not using computer microphones and webcams, use blockers or covers, both of which can be purchased online.

Zoom’s shares have more than doubled this year as investors bet that the teleconferencing company would be one of the rare winners from the coronavirus pandemic. The company has become wildly popular, reaching more than 200 million daily meeting participants in March, according to its blog. But it has also drawn increased scrutiny from cybersecurity and privacy experts.

The most recent incident came on Monday when Patrick Wardle, principal security researcher at Jamf, published a blog about two new flaws in Zoom. If already infected with malware, the Mac OS desktop version could enable attackers to gain high-level privileges and hijack the webcam and microphone, he said. Zoom said it subsequently released fixes for the issues.

Zoom appears to have been designed with security as an “afterthought,” Wardle said, adding that it was a common phenomenon among startups primarily focused on users and funding.

But Zoom’s meteoric popularity has drawn additional scrutiny.

“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” Zoom said in the blog post. The influx of new users has presented the company with “challenges we did not anticipate when the platform was conceived,” and the company is “committed to learning from them and doing better in the future.”

On March 30, the FBI issued a warning about so-called “zoom-bombing,” urging users not to make classes or meetings public or share links to teleconferences on social media.

That same day, a Zoom user sued the company claiming its services were illegally disclosing personal information.

The company collects information when users install or open the Zoom application and shares it, without proper notice, to third parties including Facebook Inc., according to the federal lawsuit. Yet Zoom’s privacy policy doesn’t explain to users that its app contains code that discloses information to others, according to the complaint.

Zoom acknowledged that it shares data with Facebook in a blog post on March 27.

In addition, New York State Attorney General Letitia James wrote a recent letter to Zoom that included “a number of questions to ensure the company will take appropriate steps to ensure users’ privacy and security is protected,” according to a spokesperson for the attorney general’s office, who declined to share a copy of the letter.

Concerns over Zoom’s security practices aren’t new. Last year, a researcher named Jonathan Leitschuh discovered that the desktop version of Zoom for Macs quietly installed a web server — one that remained on systems even if the app was removed — that presented a new way for hackers to access webcams, he said. Apple Inc. released an update in July that plugged the security hole.

Holding Zoom’s “feet to the fire” around security and privacy amid the app’s new popularity will create incentives for the company to adapt, Leitschuh said in an interview.


— With assistance from Joel Rosenblatt

Translated from:

https://medium.com/bloomberg/zoom-grapples-with-security-flaws-that-sour-users-on-app-6156f973d7cb